Modify

Opened 5 years ago

Closed 4 years ago

#13446 closed enhancement (fixed)

Missing IPv6 NAT modules nf_nat_ipv6 and ip6table_nat

Reported by: berni@… Owned by: developers
Priority: normal Milestone: Chaos Calmer 15.05
Component: kernel Version: Trunk
Keywords: Cc:

Description

Both kernel and iptables in current trunk should be recent enough to support IPv6 NAT, but at least two kernel modules are missing and I cannot find them in any package.

The missing modules are nf_nat_ipv6 and ip6table_nat

Trunk r36485

Attachments (5)

netfilter.diff (904 bytes) - added by berni@… 5 years ago.
netfilter.2.diff (1.7 KB) - added by anonymous 5 years ago.
Updated patch
netfilter.3.diff (1.6 KB) - added by anonymous 4 years ago.
Patch modified for SVN r37855
include_netfilter_mk-v2.diff (914 bytes) - added by dileks 4 years ago.
Patch to fix nf-nat-ipv6 issue (EXPERIMENTAL)
include-netfilter_mk-kernelspace-v3.diff (1.1 KB) - added by dileks 4 years ago.
Patch to fix nf-nat-ipv6 issue (kernel-space only)

Download all attachments as: .zip

Change History (9)

comment:1 Changed 5 years ago by anonymous

The attached trial-and-error patch installs the nf_nat_ipv6, ip6table_nat, ip6t_MASQUERADE and ip6t_NPT kernel modules in the nat package. I'm not exactly sure about the placement through, it belongs to both IPv6 and NAT.

The additional files are not very big (on ar71xx):
-rw-r--r-- 1 root root 3212 May 12 15:16 ip6t_MASQUERADE.ko
-rw-r--r-- 1 root root 3124 May 12 15:16 ip6t_NPT.ko
-rw-r--r-- 1 root root 4572 May 12 15:16 ip6table_nat.ko
-rw-r--r-- 1 root root 5552 May 12 15:16 nf_nat_ipv6.ko

With this setup I have verified MASQUERADE and SNAT to work, with DNAT very likely working as well. NPT does not work yet, I guess this needs some work in the iptables package as well

Changed 5 years ago by berni@…

Changed 5 years ago by anonymous

Updated patch

comment:2 Changed 5 years ago by anonymous

Patch updated.

NPT (DNPT and SNPT) modules are shipped in ipt-nat and is untested, but can be configured
REDIRECT is shipped in ipt-nat-extra and works
NETMAP is shipped in ipt-nat-extra and is untested, but can be configured

The assignment to the packages needs to be debated. NPT has the big advantage of not relying on conntrack, so it could be moved into ipt-core instead. And I'm not exactly sure whether one wants to have the (although pretty small) addition of nf_nat_ipv6/ip6table_nat/ip6t_MASQUERADE in ipt-nat.

Changed 4 years ago by anonymous

Patch modified for SVN r37855

Changed 4 years ago by dileks

Patch to fix nf-nat-ipv6 issue (EXPERIMENTAL)

comment:3 Changed 4 years ago by dileks

Follow also thread "[OpenWrt-Devel] Building nf_nat_ipv6.ko".

Changed 4 years ago by dileks

Patch to fix nf-nat-ipv6 issue (kernel-space only)

comment:4 Changed 4 years ago by cyrus

  • Resolution set to fixed
  • Status changed from new to closed

Incorporated in r37866.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.